Google Rebuffs Customer's Security Flaw Claim

Before you go around issuing a press release that slams Google, read its documentation carefully first, as one of its customers learned the embarrassing way.

On Tuesday IceWarp, a multi-lingual CRM platform, circulated a statement claiming it had discovered vulnerabilities in Google Translate API v.2, which would allow "anyone with basic hacking skills" to "easily hijack the solution and expose unsuspecting users to unwanted fees.”

“We were really surprised to find out that virtually anyone with basic hacking skills can steal a customer code. It is relatively easy, since Google Translate is typically using JavaScript. The code is visible to everybody directly in the HTML code of the page," said Ladislav Goc, IceWarp president, in the statement. IceWarp had licensed the Google product to power LiveWebAssist, its hosted business chat service, and said it discovered the flaw while working on integration issues.

Goc said the company resolved the problem by creating its own PHP objects to call Google Translate from the server side.

But after receiving shrugs from several security experts about the release, we asked Google. The spokesperson said IceWarp's "security issue" was actually just a configuration problem.

"Our documentation for the APIs Console specifies that developers can restrict their API key to referers they specifically allow," he said. "As a best practice for security, we recommend that developers proxy the API requests through their own server to keep their key private."

Many developers do, in fact, use the API on the server side already.

Google began charging developers for using the Google Translate API back in August, for $20 per million characters of translated text (around $0.05 a page). Courtesy use of Translate API v2 ends on December 1, 2011.

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service

//Stay Connected

Get Product Reviews, Deals, & the Latest News from PCMag

sign up

Plus, get a free copy of PCMag for your iPhone or iPad today.

Offer valid for new PCMag app downloads only. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy.

THANK YOU FOR SUBSCRIBING!

Please follow this link (or search for the PC Magazine app on your iPad or iPhone) to get your free issue. Offer valid for new app downloads.

//Featured Programs

//our current issue

Select Term:

24 issues for $29.99 ONLY $1.25 an issue! Lock in Your Savings!

12 issues for $19.99ONLY $1.67 an issue!

State

Country

This transaction is secure

Automatic Renewal Program: Your subscription will continue without interruption for as long as you wish, unless
you instruct us otherwise. Your subscription will automatically renew at the end of the term unless you authorize
cancellation. Each year, you'll receive a notice and you authorize that your credit/debit card will be charged the
annual subscription rate(s). You may cancel at any time during your subscription and receive a full refund on all
unsent issues. If your credit/debit card or other billing method can not be charged, we will bill you directly instead. Contact Customer Service